diff --git a/README.md b/README.md index 2ed6f90e8..1e0139865 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ -![EKS Charts](https://github.com/aws/eks-charts/actions/workflows/ci.yaml/badge.svg) - -## EKS Charts +# EKS Charts Add the EKS repository to Helm: @@ -24,10 +22,6 @@ helm repo add eks https://aws.github.io/eks-charts > [!WARNING] > This Helm chart is now deprecated. Please see the current chart located in the [aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler/tree/main/config/helm/aws-node-termination-handler) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler) -### AWS Calico - -**This Helm chart is deprecated**. To install Calico network policy enforcement on AWS, follow the EKS [user guide](https://docs.aws.amazon.com/eks/latest/userguide/calico.html). - ### AWS CloudWatch Metrics * [aws-cloudwatch-metrics](stable/aws-cloudwatch-metrics): A helm chart for CloudWatch Agent to Collect Cluster Metrics @@ -50,9 +44,8 @@ helm repo add eks https://aws.github.io/eks-charts ### AWS Secrets Manager and Config Provider for Secret Store CSI Driver -**This Helm chart is deprecated, please switch to which is reviewed, owned and maintained by AWS.** - -* [csi-secrets-store-provider-aws](stable/csi-secrets-store-provider-aws): A helm chart for [AWS Secrets Manager and Config Provider](https://github.com/aws/secrets-store-csi-driver-provider-aws) +> [!WARNING] +> This Helm chart is deprecated, please switch to [AWS Secrets Manager and Config Provider](https://github.com/aws/secrets-store-csi-driver-provider-aws) which is reviewed, owned and maintained by AWS ### Amazon EC2 Metadata Mock @@ -62,7 +55,8 @@ helm repo add eks https://aws.github.io/eks-charts * [cni-metrics-helper](stable/cni-metrics-helper): A helm chart for [CNI Metrics Helper](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/cmd/cni-metrics-helper/README.md) -### EKS EFA Plugin +### EKS EFA K8s Device Plugin + * [aws-efa-k8s-device-plugin](stable/aws-efa-k8s-device-plugin): A helm chart for the [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) plugin, which automatically discovers and mounts EFA devices into pods that request them ## License diff --git a/stable/csi-secrets-store-provider-aws/.helmignore b/stable/csi-secrets-store-provider-aws/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/stable/csi-secrets-store-provider-aws/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/stable/csi-secrets-store-provider-aws/Chart.lock b/stable/csi-secrets-store-provider-aws/Chart.lock deleted file mode 100644 index 62ce1cf66..000000000 --- a/stable/csi-secrets-store-provider-aws/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: secrets-store-csi-driver - repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts - version: 1.1.2 -digest: sha256:f06286259a5edd280b6f4d93a244eb9c116b1d0fe855354edf304ae1c8e30543 -generated: "2022-05-12T09:01:11.009668+02:00" diff --git a/stable/csi-secrets-store-provider-aws/Chart.yaml b/stable/csi-secrets-store-provider-aws/Chart.yaml deleted file mode 100644 index a3430c110..000000000 --- a/stable/csi-secrets-store-provider-aws/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v2 -name: csi-secrets-store-provider-aws -version: 0.0.4 -appVersion: 1.0.r2-6-gee95299-2022.04.14.21.07 -kubeVersion: ">=1.17.0-0" -deprecated: true -description: This Helm chart is deprecated, please switch to https://aws.github.io/secrets-store-csi-driver-provider-aws/ -icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png -sources: - - "https://github.com/aws/secrets-store-csi-driver-provider-aws" -home: "https://github.com/aws/secrets-store-csi-driver-provider-aws" -# I put my name because I did not know who else to insert but -# more than willingly I pass the burden and honors to someone else. -maintainers: - - name: Pierluigi Lenoci - email: pierluigi.lenoci@gmail.com -dependencies: -- name: secrets-store-csi-driver - repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts - version: 1.1 - condition: secrets-store-csi-driver.install -keywords: - - eks - - secrets-store-csi-driver - - csi \ No newline at end of file diff --git a/stable/csi-secrets-store-provider-aws/README.md b/stable/csi-secrets-store-provider-aws/README.md deleted file mode 100644 index 9777aeed3..000000000 --- a/stable/csi-secrets-store-provider-aws/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# csi-secrets-store-provider-aws - -**This Helm chart is deprecated, please switch to https://aws.github.io/secrets-store-csi-driver-provider-aws/ which is reviewed, owned and maintained by AWS.** - ------------------ - -AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods. - -### Prerequisites - -- [Helm3](https://helm.sh/docs/intro/quickstart/#install-helm) - -### Installing the Chart - -- This chart installs the [secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) and the AWS Secrets Manager and Config Provider for Secret Store CSI Driver - -```shell -helm repo add eks https://aws.github.io/eks-charts -helm install eks/csi-secrets-store-provider-aws --generate-name --namespace kube-system -``` - -### Create the access policy - -Follow the [Usage](https://github.com/aws/secrets-store-csi-driver-provider-aws#usage) guide. - -### Configuration - -The following table lists the configurable parameters of the csi-secrets-store-provider-aws chart and their default values. - -> Refer to [doc](https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/main/charts/secrets-store-csi-driver/README.md) for configurable parameters of the secrets-store-csi-driver chart. - -| Parameter | Description | Default | -| --- | --- | --- | -| `nameOverride` | String to override the name template with a string | `""` | -| `fullnameOverride` | String to override the fullname template with a string | `""` | -| `imagePullSecrets` | Secrets to be used when pulling images | `[]` | -| `image.registry` | Image registry | `public.ecr.aws` | -| `image.repository` | Image repository | `aws-secrets-manager/secrets-store-csi-driver-provider-aws` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.tag`| Image tag | `.Chart.AppVersion` | -| `priorityClassName` | Indicates the importance of a Pod relative to other Pods | `""` | -| `nodeSelector` | Node Selector for the daemonset on nodes | `{}` | -| `tolerations` | Tolerations for the daemonset on nodes | `[]` | -| `ports` | Liveness and readyness tcp probe port | `8989` | -| `privileged` | Privileged security context | `false` -| `resources`| Resource limit for provider pods on nodes | `requests.cpu: 50m`
`requests.memory: 100Mi`
`limits.cpu: 50m`
`limits.memory: 100Mi` | -| `podLabels`| Additional pod labels | `{}` | -| `podAnnotations` | Additional pod annotations| `{}` | -| `updateStrategy` | Configure a custom update strategy for the daemonset on nodes | `RollingUpdate`| -| `secrets-store-csi-driver.install` | Secrets Store CSI Driver chart install | `true` -| `rbac.install` | Install default service account | true | -| `rbac.pspEnabled` | Pod Security Pods | false | -| `rbac.serviceAccount.name` | Service account to be used. If not set and serviceAccount.create is true a name is generated using the fullname template. | | diff --git a/stable/csi-secrets-store-provider-aws/templates/NOTES.txt b/stable/csi-secrets-store-provider-aws/templates/NOTES.txt deleted file mode 100644 index 7646f9507..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -{{ $.Chart.Name }} has been installed. Check its status by running: - kubectl --namespace {{ .Release.Namespace }} get ds - -Visit https://github.com/aws/eks-charts/tree/master/stable/csi-secrets-store-provider-aws diff --git a/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl b/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl deleted file mode 100644 index 9dcef6d3b..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "sscdpa.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "sscdpa.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Standard labels for helm resources -*/}} -{{- define "sscdpa.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "sscdpa.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - app: {{ template "sscdpa.name" . }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* -Name of the service account to use -*/}} -{{- define "sscdpa.serviceAccountName" -}} - {{ default (include "sscdpa.fullname" .) .Values.rbac.serviceAccount.name }} -{{- end -}} - -{{/* -Name of the pod security policy to use -*/}} -{{- define "sscdpa.psp.fullname" -}} -{{- printf "%s-psp" (include "sscdpa.fullname" .) -}} -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml b/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml deleted file mode 100644 index 9fa7951b3..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "sscdpa.fullname" . }}-cluster-role -{{ include "sscdpa.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["serviceaccounts/token"] - verbs: ["create"] - - apiGroups: [""] - resources: ["serviceaccounts"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get"] -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml b/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml deleted file mode 100644 index 882cc8f63..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.rbac.install }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "sscdpa.fullname" . }}-cluster-role-binding -{{ include "sscdpa.labels" . | indent 2 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "sscdpa.fullname" . }}-cluster-role -subjects: - - kind: ServiceAccount - name: {{ template "sscdpa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml b/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml deleted file mode 100644 index dee0c24aa..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "sscdpa.fullname" . }} - namespace: {{ .Release.Namespace }} -{{ include "sscdpa.labels" . | indent 2 }} -spec: - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - selector: - matchLabels: - app: {{ template "sscdpa.name" . }} - template: - metadata: -{{ include "sscdpa.labels" . | indent 6 }} -{{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} -{{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{- toYaml .Values.podAnnotations | nindent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - serviceAccountName: {{ template "sscdpa.serviceAccountName" . }} - hostNetwork: true - containers: - - name: provider-aws-installer - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --provider-volume=/etc/kubernetes/secrets-store-csi-providers - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- if .Values.privileged }} - securityContext: - privileged: true - {{- end }} - volumeMounts: - - mountPath: "/etc/kubernetes/secrets-store-csi-providers" - name: provider-vol - - name: mountpoint-dir - mountPath: /var/lib/kubelet/pods - mountPropagation: HostToContainer - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - volumes: - - name: provider-vol - hostPath: - path: "/etc/kubernetes/secrets-store-csi-providers" - - name: mountpoint-dir - hostPath: - path: /var/lib/kubelet/pods - type: DirectoryOrCreate - nodeSelector: - kubernetes.io/os: linux -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 8 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml b/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml deleted file mode 100644 index 4f4ea873b..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "sscdpa.psp.fullname" . }} -{{ include "sscdpa.labels" . | indent 2 }} -spec: - seLinux: - rule: RunAsAny - privileged: true - volumes: - - hostPath - - secret - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/role.yaml b/stable/csi-secrets-store-provider-aws/templates/role.yaml deleted file mode 100644 index 74a32acd3..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "sscdpa.psp.fullname" . }}-role - namespace: {{ .Release.Namespace }} -{{ include "sscdpa.labels" . | indent 2 }} -rules: - - apiGroups: [ 'policy' ] - resources: [ 'podsecuritypolicies' ] - verbs: [ 'use' ] - resourceNames: - - {{ template "sscdpa.psp.fullname" . }} -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml b/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml deleted file mode 100644 index 0c292dd74..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "sscdpa.psp.fullname" . }}-role-binding - namespace: {{ .Release.Namespace }} -{{ include "sscdpa.labels" . | indent 2 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "sscdpa.psp.fullname" . }}-role -subjects: - - kind: ServiceAccount - name: {{ template "sscdpa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml b/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml deleted file mode 100644 index dd7a2ec20..000000000 --- a/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{ if .Values.rbac.install }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "sscdpa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{ include "sscdpa.labels" . | indent 2 }} -{{ end }} diff --git a/stable/csi-secrets-store-provider-aws/values.yaml b/stable/csi-secrets-store-provider-aws/values.yaml deleted file mode 100644 index 110787c02..000000000 --- a/stable/csi-secrets-store-provider-aws/values.yaml +++ /dev/null @@ -1,42 +0,0 @@ - -imagePullSecrets: [] - -image: - registry: public.ecr.aws - repository: aws-secrets-manager/secrets-store-csi-driver-provider-aws - ## defaults to app.Version - tag: - pullPolicy: IfNotPresent - -nodeSelector: {} -tolerations: [] - -port: 8989 - -privileged: false - -resources: - requests: - cpu: 50m - memory: 100Mi - limits: - cpu: 50m - memory: 100Mi - -podLabels: {} -podAnnotations: {} - -updateStrategy: - type: RollingUpdate - -secrets-store-csi-driver: - install: true - -## Install default service account -rbac: - install: true - pspEnabled: false - serviceAccount: - name: - -priorityClassName: ""